I can get popup mode to work using redirect: false when manually invoking lock on a page. But when the hosted login is triggered via a direct call to /authorize, the popup mode does not work. Using lock 10.11. Is there some reason popup mode does not work with the hosted login page?
The decision of where to open the hosted login page should be made by the client application; if the client application can handle the navigation away from itself it should just redirect in the same window and avoid popups altogether which would be the recommendation, however, if it does require the login to be processed in a popup then it should call
/authorize already in a popup window.
The Auth0.js library provides a utility method specific to this situation which you should check if you haven’t done so already. At this time the reference docs don’t really show a full usage example of that method so you may also want to take a look at this answer.
I am calling the authorize in a popup window. I’m talking about the redirect: false mode where the result of the login does not redirect but fires another popup to handle the redirect. I can’t get the hosted login, fired in a popup, to fire another popup to handle the auth. It works if I don’t use the hosted login. So, setting redirect: false in the hosted login code does nothing.